Diverse aspects of web application testing and tools

Now a days more and more activities in our lives are happening online, so the importance of testing the web based software in the integrated world is increasing dramatically. Searching information in internet is turned into standard, hence hosting just a representative web site is no more enough for all businesses. In order to be and stay relevant, you have to deliver information in an appropriate manner, being intuitive, well organized and available on every device. To maintain high standards of your web site, you need comprehensive testing too. So what does it mean comprehensive testing?

1 Unit testing

The first step is the unit test. It is an isolated test, performed by the software developer immediately after implementing some functionality. Many teams prefer even Test Driven Development (TDD) in this case the unit test is written even before the developer has started with the development. Typical for the unit tests is, they are isolated. It means they test only small part / unit of the code and everything else is mocked (simulated). There are many frameworks easing this process, since we are talking about web sites i will concentrate on javascript based. The most popular frameworks are mocha and jest. Both are easy to use and the learning curve is really flat. The mocha is more recommended for big projects and really comprehensive tests, jest is more for small projects and swift development cycles. How to set up your unit test environment will be shown in an additional topic in our blog.

2 Functional testing

2.1 Use case testing

This is probably self explaining, all the business logic has to be end to end tested. From the most tedious use case like create account to complicated business flows with more steps and asynchronous happening events. But let us bring a little bit structure.

2.2 Links testing

A common problem is not working links. Unfortunately it always happens also by some of the biggest companies. Many times the parameter of the URI query change or the resource name. All this leads to invalid links and bad user experience(UX). That’s why it is now a days very important to keep all your internal and external links valid. And don’t forget, also all image links should be valid!

2.3 Forms and validations testing

With the changing requirements also the number, obligation and the format of the fields can change. It is important to keep your validity rules up to date to avoid invalid data landing into your application databases.

2.4 User interface (UI) testing

In a times of continuously growing number and format of devices, from a small cell phone to a huge 60+ inches TV a UI test is gathering importance. An web application must be first of all compatible to the most relevant browsers: Chrome, Firefox, Safari, Opera and then responsive to different resolutions supported by the targeted devices.

2.5 Tools for functional testing

A leader in the field of functional testing is selenium. There are many other tools like qftest which are not bad, but not covering all the aspects and having the huge disadvantage to be payed. Apart from it there are also couple of selenium forks like katalon. Advantage here is, this platforms enable all the tests to be ordered in suits and maintained in version management tools like git. By every change of the software, the tests should be adjusted appropriately. Nightly executions of all the suits is also very good practice, to keep your product clean from bugs. There will be additional blog post for how to setup a selenium test environment.

3 Integration testing

This is another developer test, but this time it is not isolated. It includes two or more modules and their collaboration. Integration tests could be also long leaving scenario test. The best approach is to execute them in continuous integration(CI) runs on a daily basis and after integrations. Integration tests can be written in any programing language and for swift development platforms like soapUI can be used. Similar to selenium soapUI gives also the possibility to structure your tests and maintain versions in version management tools.

4 Load and performance testing

Another aspect continuously gathering attention is the load and performance test. Especially for e-commerce web sites the low latency is from a crucial importance. The amazon leading managers estimated long ago, that every second delay is at least a million loss for the company. So how can we track the performance of our website? The first choice is surely the development tools in chrome and firefox. Here you can visualize the time your page spends for different activities, external requests, etc. This analysis shows you how your page perform. If you want to see how your load balancer, DNS provider, etc. you can use one of the many pages like WebPageTest or Dareboost which can measure the speed of your page and do some primitive analysis. To perform some more comprehensive analysis and profile how your page behaves also under load, you can use tools like locust, siege or apache bench. Google have also their insights and a very useful plugin lighthouse for the development tools.

5 Security testing

Web page security testing is another topic, which gathered huge attention in last years. Due to diverse attacks millions of private data was stolen and published in internet. As a topic it is also an almost endless one. The most important here is at the first place to have your web page SSL secured. It means your web server has to encode all the requests with a certificate preferably issued by on of the many well known providers. Apart from this it is also recommendable to use CAPCHA for resources as login, upload, submit, etc. Kind of fraud detection is also recommendable and ip blocking is a good approach to avoid flood attacks. Here most recommended is the OWASP Foundation page, where you can find the newest information. More information about tools, scanners, injectors, but also courses can be found at Hackr.io